I'm beginning to think I want my expertise to be in wireless before I start my pentesting/security career. Will companies ever start moving towards using primarily wireless networks? I would think they would because tech is growing so fast (but I really dont know?), so Im thinking about getting the CWNP certs, CCNA- CCIE wireless.

I am taking the OSWP right now and I was wondering the same thing. I figured it would be more widespread once people made WPA2 Enterprise with RADIUS more of a standard. I think it would take, some kind of all-in-one setup for people to hop to it which is probably a bad idea to do anyway. So that is exactly what will happen...

Even without encryption and authentication challenges, I think this is an incredibly bad idea for any mission critical network. Wireless DoS attacks are trivial, and even accidental interference can bring your network to a grinding stop. Do you really want your critical business practices relying on such a flaky network infrastructure? I would never recommend it unless you are OK with regular network outages.

That being said, it's a really good idea to learn more about wireless and wireless security issues. While companies might not use it as the primary mechanism they will certainly be augmenting wired capabilities with wireless.

I have the opposite point of view than some members here. I think the world is moving towards more wireless rapidly. After Voice Enterprise gets ratified, I think things will pick up even more.

With 802.11n, bandwidth has exceeded older networks that use 10/100 ethernet, security is getting better and more ubiquitous by the day, prices are dropping, the control and management plane is moving to the cloud and the way laws are (and are moving to be stricter), if you attempt a wireless DOS attack against a company, it is quite trivial to track you down and bust you. And you had better be sure you're completely compliant to EIRP regulations if you want to claim you have the right to use the airspace freely if that's your excuse. Most companies now have policies against rogue routers so if you are on their property....

We have smartphones that use the WLAN, RFID tracking picking up speed bigtime, my doctor swears by his wireless IPAD for scheduling (we just got through talking about paperwork reduction at his facility yesterday), wireless security cameras, WIPS & WIDS improving, new bandwidth space being proposed and explosive bandwidth use on cellphones. Need I go on? Let me also remind everyone about how the costs for wiring a new building for ethernet is much more expensive than wireless, especially when we're in a down economy.

We are not sayhing that we will not go toward to wireless network (full activities), but you already explained with some compliants, technologies and more security (and do dot forget the thread that ipv6 will bring).

Right now a lot a companies deploy wireless only to give some kind of access quickly (easy way). I think we talked about thosed companies.

In the other hand there are companies that disgn and deploy secure wireless network because it is the core access to their networks and remember to everybody will move to the cloud.

I still disagree. Wireless should only compliment Wired. I'm going to need a more compelling argument to change my opinion.

Wireless for client access is indeed increasing, no one is denying that. Also, most offices that had cat 5e installed are running gigabit ethernet, not 10/100.

You're also comparing 802.11n speeds to 100 Mb ethernet but the numbers for both are theoretical maximums. There is always going to be interference in the 802.11 space unless you're in a bunker.

You will not see wireless take in the datacenter like you're talking about. And just because people "are moving to the cloud" doesn't mean it makes good security sense. I couldn't fathom moving our erp system to the cloud. Or moving a critical industrial control system to the cloud.... That's crazy talk.

Let me qualify my answer then. I certainly would never suggest a datacenter go wireless. The original question I have an opposing (?) opinion on is "Will companies ever start moving towards using primarily wireless networks?" and to that I say yes.

The wireless of yesterday is rapidly changing. Take a look at what Bluesocket is now doing with moving the management and control planes to a virtual machine that can hosted in the cloud (http://www.bluesocket.com/media/2010-07 ... epaper.pdf), thus providing hot-swap redundancy. I absolutely can see "companies [...] moving towards using primarily wireless networks" though I should disclose that I'm one of the crowd of people trying to make that happen.

Done properly, a company can save a lot of money by going wireless in many circumstances (but not all) and network designers planning for the future should absolutely take wireless into consideration as the growth of devices, especially in the hospital arena, explodes. They are one the biggest drivers of these advancements as they have expensive devices that need to be mobile as well as tracked so staff always knows where the closest infusion pump or EKG machine is.

re:"There is always going to be interference in the 802.11 space unless you're in a bunker."

I would say that very well depends on the building and what type of corporation you're talking about. If you share office space with others in a building, yes you definitely will have interference. If you own the whole building and sometimes the whole block, ehhh...not so much. By entering some properties, you are absolutely not allowed to bring up your own AP and a WIPS should catch that immediately and someone carrying a gun is quite likely to put you through a lot of hell. Pointing your 'cantenna' at some target is going to do you little good if the company is using 802.1x and other security measures.

re:"I couldn't fathom moving our erp system to the cloud. Or moving a critical industrial control system to the cloud.... That's crazy talk."

I'm not suggesting you do. I'm not painting broad strokes here, suggesting that all companies should move to wireless. I can point out a thousand scenarios where that would be a bad thing but OTOH, I can come up with a thousand where it does make sense. We do a lot of apartment complexes and I can say unequivocally that it makes a lot of sense in that environment.

And I'll repeat the point I made earlier that your security is rarely as good as most admins think it is, as the video points out it can usually be defeated very easily.

Last edited by WCNA on Sat Sep 03, 2011 9:28 pm, edited 1 time in total.

Interesting stuff from Bluesocket. You and I come from different camps. I am in the energy sector and the last thing on our radar is implementing technology like this at any of our facilities. I can certainly see applications for it but I still stick by my wired over wireless. To your point about physical security, you'd have the same problems that I would with my evil wired ethernet if you had physical security issues - so that point is a wash.

And I'll repeat the point I made earlier that your security is rarely as good as most admins think it is, as the video points out it can usually be defeated very easily.

I could not agree more. However, it's not uncommon to have a separate physical security department, that is separate from the IT group. Physical security #fails are a corporate culture and training problem - you cant blame it all on the admins.